<?php
require_once("global_funcs.inc.php");

class user
{
    private $table = null;
    
    function __construct($username=null)
    {
        // create a connection to the database
        $db = connect_db();
        
        // save the username
        $uname = $username;
        
        $this->table = "users";
    }
    
    function checkUserExists($uname)
    {
        $username = mysql_real_escape_string($uname);
        $check_user = "select * from {$this->table} where uname='$username'";
        $check_res = mysql_query($check_user);
        
        // If we get more than one tuples for this user
        if(mysql_num_rows($check_res) > 0)
            return true;
        else 
            return false;
    }
    
    function addUser($user_details)
    {
        $data = array();
        
        if($user_details['passwd1'] != $user_details['passwd2'])
            return array(false,"Passwords do not match");
        
        $data['uname'] = mysql_real_escape_string($user_details['uname']);
        
        // If this username already exists
        if($this->checkUserExists($data['uname']) == true)
            return array(false,"User already exists");
        
        // Create the array for creating the query string
        $data['passwd'] = sha1($user_details['passwd1']);
        $data['email'] = mysql_real_escape_string($user_details['email']);
        $data['usertype'] = mysql_real_escape_string($user_details['type']);
        
        // An admin doesn't need to authenticate the account creation
        if($_COOKIE['admin_allowed'])
            $data['activated'] = 0;
        else
            $data['activated'] = mt_rand();
        
        // Use string formatting for creating the SQL Query
        $insert_query =  vsprintf("insert into `{$this->table}`(`%s`) values('%s')",array(implode("`,`",array_keys($data)),implode("','",$data)));
        $insert_res = mysql_query($insert_query);
        
        return $insert_res;
    }
    
    function deleteUser($uname)
    {
        // escape the string and create the query
        $username = mysql_real_escape_string($uname);
        $del_user = "delete from {$this->table} where uname = '{$username}'";
        
        $del_res = mysql_query($del_user,$db);
        
        return $del_res;
    }
    
    function updateUserInfo($up_data,$where)
    {
        $data = array();
        $info_table = "user_info";
        
        foreach($up_data as $key => $value)
        {
            if($value != "")
                $data[$key] = "$key='$value'";
        }
        
        $update_set = implode(",",$data);
        $update_user = "update `$info_table` set $update_set where uname = '$where'";
        
        $update_res = mysql_query($update_user);
        
        return $update_res;
    }
    
    function changeUserType($user,$type)
    {
        $user = mysql_real_escape_string($user);
        $type = mysql_real_escape_string($type);
        
        $user_change = "update {$this->table} set usertype = $type where uname = '$user'"; 
        $user_change_res = mysql_query($user_change);
        
        return $user_change_res;
    }
    
    function getUserData($uname)
    {
        $username = mysql_real_escape_string($uname);
        $table_name = "user_info";
        
        $get_user = "select * from $table_name where uname = '{$username}'";
        $get_user_res = mysql_query($get_user);
        $get_user_row = mysql_fetch_assoc($get_user_res);
        
        return $get_user_row;
    }
    
    function searchUser($user,$starts = false)
    {
        $usr = mysql_real_escape_string($user);
        $search_qry = "SELECT users.uname,users.email,user_info.fname,user_info.lname FROM `users` left join `user_info` on users.uname = user_info.uname " ;
        
        if($starts)
            $search_qry = $search_qry." where users.uname like '$usr%' or fname like '$usr%'or lname like '$usr%' order by users.uname";
        else
            $search_qry = $search_qry." where users.uname like '%$usr%' or fname like '%$usr%'or lname like '%$usr%' order by users.uname";
        $search_res = mysql_query($search_qry);
        //die($search_qry);
        $data_set = array();
        while($data_row = mysql_fetch_assoc($search_res))
        {
            array_push($data_set,$data_row);
        }
        
        return $data_set;
    }
    
    function listUsers($start, $offset)
    {
        $end = $start + $offset;
        $usr = mysql_real_escape_string($user);
        $search_qry = "select users.uname,users.email,a.fname,a.lname from (users natural join usertype as fullset) left outer join user_info as a on users.uname = a.uname LIMIT $start,$end";
        
        $search_res = mysql_query($search_qry);
        
        $data_set = array();
        while($data_row = mysql_fetch_assoc($search_res))
        {
            array_push($data_set,$data_row);
        }
        return $data_set;
    }
    
    function getTotalUsers()
    {
        $total_quer = "select count(*) as count from users";
        $total_res = mysql_query($total_quer);
        
        $count = mysql_fetch_assoc($total_res);
        return $count;
    }
    
    function getUserTypes()
    {
        $utype_qry = "select * from usertype";
        
        $utype_res = mysql_query($utype_qry);
        
        $data_set = array();
        while($data_row = mysql_fetch_assoc($utype_res))
        {
            array_push($data_set,$data_row);
        }
        return $data_set;
    }
}

?>
